Fix gitea ssh

home-mods/shell/default.nix

@@ -240,6 +240,8 @@ in
       zellij
       zstd
       neovim
+      lazydocker
+      lazygit
     ];
   };
 }

os-mods/common/default.nix

@@ -66,6 +66,7 @@
   };
 
   environment.systemPackages = with pkgs; [
+    fclones
     curl
     fish
     figlet
@@ -141,7 +142,7 @@
     fish.enable = true;
     gnupg.agent = {
       enable = true;
-      enableSSHSupport = true;
+      # enableSSHSupport = true; # breaks gitea foo
       pinentryPackage = lib.mkForce pkgs.pinentry-qt;
     };
   };

os-mods/netdata/default.nix

@@ -44,17 +44,6 @@
         "enabled" = "yes";
       };
     };
-
-    configDir = {
-      "stream.conf" = pkgs.writeText "stream.conf" ''
-        [8fcb63b3-8361-4339-a010-fc459c2132b0]
-        enabled = yes
-        default history = 36000
-        default memory mode = dbengine
-        health enabled by default = auto
-        allow from = 192.*
-      '';
-    };
   };
 
   networking.firewall.allowedTCPPortRanges = [

systems/nixos-he4/default.nix

@@ -23,6 +23,9 @@
       cryptsetup
     ];
 
+    users.groups.git = {
+      gid = 974;
+    };
     users.users = {
       root.openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
@@ -33,6 +36,15 @@
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
       ];
 
+      git = {
+        uid = 974;
+        group = "git";
+        isSystemUser = true;
+        homeMode = "700";
+        createHome = true;
+        home = "/home/git";
+        shell = "/home/git/ssh-shell";
+      };
       tristand = {
         isNormalUser = true;
         description = "tristand";
@@ -68,6 +80,22 @@
 
         inherit pkgs config inputs system lib;
       };
+      users.git = {
+        home = {
+          stateVersion = "23.11";
+          username = "git";
+          homeDirectory = "/home/git";
+          file."ssh-shell" = {
+            enable = true;
+            executable = true;
+            text = ''
+              #!/bin/sh
+              shift
+              ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $@"
+            '';
+          };
+        };
+      };
     };
 
     nix.settings.system-features = [
@@ -106,7 +134,7 @@
           enable = true;
           ssh = {
             enable = true;
-            port = 2222;
+            port = 22;
             hostKeys = [
               /etc/nixos/ext/ssh/ssh_host_ed25519_key
               /etc/nixos/ext/ssh/ssh_host_rsa_key
@@ -136,6 +164,13 @@
       cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
     };
 
+    services.netdata.config = {
+      web = {
+        "bind to" = "0.0.0.0";
+        "allow connections from" = "172.*";
+      };
+    };
+
     zramSwap.enable = true;
   };
 }

systems/nixos-karl-kvm-guest/default.nix

@@ -67,6 +67,17 @@
 
   services.qemuGuest.enable = true;
 
+  services.netdata.configDir = {
+    "stream.conf" = pkgs.writeText "stream.conf" ''
+      [8fcb63b3-8361-4339-a010-fc459c2132b0]
+      enabled = yes
+      default history = 36000
+      default memory mode = dbengine
+      health enabled by default = auto
+      allow from = 192.*
+    '';
+  };
+
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.reopen5194 = {
     isNormalUser = true;